Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Whats a suitable crypto system for this app? 509/PGP?

1 view
Skip to first unread message

Kurt Häusler

unread,
Jul 3, 2007, 11:32:08 AM7/3/07
to
Hi,
I am developing part of an application that handles sets of medical data
that need to be encrypted when they are being saved to a disk or sent over
a network to protect patient privacy. Basically whenever they exist as a
file outside the the database.

Authentication or digital signatures are not considered that important but
could be a nice feature to add on.

At the moment we are thinking of 2 levels of security, the stronger option
is using a public key system, so it can be encrypted specifically for the
intended recipient and only them. The disadvantages are that there might
be no internet connection available to search for and download public keys.

So we are thinking of also offering a password based symmetric key option.
Where the password can be either generated or chosen at export time. That
can be printed out and posted or spoken to the recipient over the phone or
something, it would have to be less than 10 characters so people can
be bothered to type in.

I am a fan of OpenPGP and initially thought of using the PGP SDK, but the
MS Crypto API should also be considered. X.509 solutions seem to be taken
more seriously in the commercial world than web of trust systems, and
perhaps we could buy keys in bulk from a CA and provide them with the
software, if it works that way, it seems as though users need to present
id or personally visit the CA to get a trusted key, but I could be wrong
on that, X.509 does seem to focus more on digital signatures than
encryption.

Anyway what do you gurus think?

Any other out of the box solutions are most welcome.

Joseph Ashwood

unread,
Jul 4, 2007, 12:42:05 AM7/4/07
to
"Kurt Häusler" <use...@haeusler.NO.co.SPAM.nz> wrote in message
news:osidnftDGOFl9hfb...@giganews.com...

> Anyway what do you gurus think?


Security in a medical environment is difficult. This is because thre are
more complexities.

Take for example someplace like the Crane Center in San Jose, Ca, where each
time a person visits they receive a single-use number, and no names are ever
recorded. Obviously, the security of such records is largely
inconsequential. For such an environment I would have no problem saying that
PGP is sufficient.

At the other extreme would be the medical records of someone like George W
Bush. For someone of that stature the medical records are closely tied to
the person, and are extremely valuable. It is entirely conceivable that the
medical records of someone such as that can have a value of $1 trillion
(10^12) USD. I would not be at all comfortable saying that PGP is suitable
without a great deal more examination.

In my view it is necessary that you get multiple cryptanalysts, each
creating their own threat model, and any additional models they believe
applicable, then working together they should create a security model, and
make cryptographic choices. There are simply too many variables for this to
be taken care of on newsgroups, and even too much risk involved for the
eventual clients (the people who's medical information you are storing) for
a single cryptanalyst to be solely responsible. I also believe that it is
critical that the design be reviewed at least twice a year for any revisions
necessary. Medical protections are just that important.
Joe

0 new messages